CVE-2025-34248
BaseFortify

Publication date: 2025-10-09

Last updated on: 2025-10-14

Assigner: VulnCheck

Description
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system.
Meta Information
Published: 2025-10-09
Last Modified: 2025-10-14
Generated: 2026-05-07
AI Q&A: 2025-10-09
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: d-link
Product: nuclias_connect
Version / Range: *
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-34248 is a directory traversal vulnerability in D-Link Nuclias Connect firmware versions prior to 1.3.1.4. It exists in the /api/web/dnc/global/database/deleteBackup endpoint due to improper sanitization of the deleteBackupList parameter. This flaw allows an authenticated attacker to delete arbitrary files on the system, which can compromise the system's integrity and availability. [1]


How can this vulnerability impact me?

This vulnerability can allow an authenticated attacker to delete arbitrary files on the affected system, impacting the integrity and availability of the system. This means critical files could be removed, potentially causing system malfunction, data loss, or service disruption. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if your D-Link Nuclias Connect firmware version is prior to 1.3.1.4 and by monitoring or testing the endpoint /api/web/dnc/global/database/deleteBackup for improper sanitization of the deleteBackupList parameter. Since the vulnerability requires authentication, you can attempt to authenticate and send crafted requests to this endpoint to see if arbitrary file deletion is possible. Network monitoring tools can be used to detect suspicious requests targeting this endpoint. Specific commands are not provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the D-Link Nuclias Connect firmware to version 1.3.1.4 or later, where this directory traversal vulnerability has been fixed. Additionally, restrict access to the affected API endpoint to trusted users only and monitor for any suspicious activity involving the deleteBackupList parameter. Ensure that only authenticated and authorized users can access the system to reduce risk. [1]
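As an added example (not code from BaseFortify, D-Link, or the advisory), the Python script below turns the detection and mitigation advice above into something runnable: it scans web-server access log lines for requests to /api/web/dnc/global/database/deleteBackup whose deleteBackupList value is anything other than a bare backup file name, and the same allow-list check (is_safe_backup_name) is the rule a hardened server-side handler would apply before unlinking anything. The log lines are constructed, and the request shape (parameter carried in the logged query string, comma-separated list of names, Combined Log Format) is an assumption, since the page does not show the real request format.

```python
"""Flag deleteBackup requests whose deleteBackupList parameter is not a bare
backup file name (path separators, '..', absolute paths, NUL bytes)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/api/web/dnc/global/database/deleteBackup"  # named in the advisory
PARAM = "deleteBackupList"                               # named in the advisory

# Constructed access-log lines in Combined Log Format; not real traffic.
# Assumption: the parameter shows up in the logged request line.
SAMPLE_LOG = """\
10.0.0.5 - admin [09/Oct/2025:10:00:01 +0000] "POST /api/web/dnc/global/database/deleteBackup?deleteBackupList=backup-2025-10-01.zip HTTP/1.1" 200 52
10.0.0.7 - admin [09/Oct/2025:10:00:02 +0000] "POST /api/web/dnc/global/database/deleteBackup?deleteBackupList=..%2F..%2Fsome%2Fother%2Ffile HTTP/1.1" 200 52
10.0.0.7 - admin [09/Oct/2025:10:00:03 +0000] "POST /api/web/dnc/global/database/deleteBackup?deleteBackupList=%2Fvar%2Fbackups%2Fold.zip HTTP/1.1" 200 52
10.0.0.5 - admin [09/Oct/2025:10:00:04 +0000] "POST /api/web/dnc/global/database/deleteBackup?deleteBackupList=backup-a.zip,backup-b.zip HTTP/1.1" 200 52
10.0.0.9 - - [09/Oct/2025:10:00:05 +0000] "GET /api/web/dnc/global/status HTTP/1.1" 200 120
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_safe_backup_name(value: str) -> bool:
    """Allow-list check: a single file name with no separators, no '.'/'..',
    no NUL. This is the rule a fixed handler would enforce before deleting."""
    if not value or value in (".", ".."):
        return False
    if "\x00" in value or "/" in value or "\\" in value:
        return False
    return re.fullmatch(r"[A-Za-z0-9._-]+", value) is not None


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded sequences are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line: str):
    """Split one Combined Log Format line into fields, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def inspect_line(line: str):
    """Return a finding for a deleteBackup request carrying an unsafe
    deleteBackupList value; None for anything else."""
    rec = parse_line(line)
    if rec is None:
        return None
    url = urlsplit(rec["target"])
    if url.path != ENDPOINT:
        return None
    unsafe = []
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        # Assumption: the list parameter may carry several comma-separated names.
        for name in decode_fully(raw).split(","):
            name = name.strip()
            if not is_safe_backup_name(name):
                unsafe.append(name)
    if not unsafe:
        return None
    return {"src": rec["src"], "user": rec["user"], "ts": rec["ts"],
            "status": rec["status"], "values": unsafe}


def scan_log(text: str):
    """Run inspect_line over every line and keep the findings."""
    return [f for f in (inspect_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['src']} user={finding['user']} "
              f"status={finding['status']} unsafe={finding['values']}")
```

A 200 response on a flagged request is the line worth escalating, since it suggests the deletion went through on an unpatched build; on firmware 1.3.1.4 or later the same request should be rejected, so the scan doubles as a quick check that the upgrade took effect.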

